OTPulse

SUBNET PowerSYSTEM Server and Substation Server

Plan Patch · 8.4 · ICS-CERT ICSA-24-100-01 · Apr 9, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Privilege escalation, denial of service, and arbitrary code execution vulnerabilities in PowerSYSTEM Server 2021 and Substation Server 2021 versions 4.07.00 and earlier, caused by outdated libraries. Local access required for exploitation.

What this means
What could happen
An attacker with local access to the server could escalate privileges, execute arbitrary code, or crash the system, potentially disrupting energy management and SCADA operations.
Who's at risk
Energy utilities running SUBNET PowerSYSTEM Server or Substation Server (versions 4.07.00 and earlier) for SCADA control and monitoring. This affects operators of power substations and energy management systems that depend on these servers.
How it could be exploited
An attacker with local system access could exploit vulnerabilities in outdated libraries used by the server to escalate privileges, execute arbitrary commands, or trigger a denial of service. The attack does not require network access—only local account or direct system access is needed.
Prerequisites
  • Local system access (physical or via existing account)
  • No special credentials required to exploit once local access is obtained

  • Low attack complexity
  • No authentication required for local exploitation
  • High impact: code execution and privilege escalation
  • Affects energy sector SCADA/operations
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| PowerSYSTEM Server | ≤ 4.07.00 | 4.09.00.927 or newer |
| Substation Server 2021 | ≤ 4.07.00 | 4.09.00.927 or newer |
Remediation & Mitigation
Do now
HARDENING: Restrict local access to servers through physical security and endpoint access controls
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update PowerSYSTEM Server and Substation Server to version 4.09.00.927 or newer
Long-term hardening
HARDENING: Isolate PowerSYSTEM and Substation servers from business networks and the internet